Operational Workflow

The operational workflow for our third-party banner functionality follows an 8-stage sequence to maintain security and integrity.

Campaign definition and governance:

A Third-party organisation defines a research, recruitment, or partner campaign. We determine if and how the campaign operates within our technical and governance environment. The table below provides examples of decisions which would typically be determined by PKB and the Third-party:

Internal eligibility matching:

We perform internal matching against coded or structured records within our secure environment.

This may include:

• Coded clinical data.

• Condition flags.

• Age bands.

• Contact eligibility indicators.

It is important to note that no patient-identifiable data is disclosed to the third party at the matching stage.

Patient invitation and banner presentation:

Eligible patients may see an informational banner or invitation within our platform or the NHS App. This banner provides transparency information and explains the opportunity.

Please note that Third-parties do not receive patient-identifiable information merely because the banner is displayed.

Third-party screening and assessment:

Patients independently decide whether to engage with the opportunity. If they choose to engage, the third party may present screening questions or onboarding processes.

Patient-directed sharing:

The patient selects the recipient, confirms the sharing action, and authorises the specific dataset . We treat this as a patient-directed action rather than consent on behalf of the Third-party.

Please note that PKB does not treat this as Consent on behalf of the Third-party.

The disclosure is treated as a patient-directed sharing action whereby the Third-party separately determines its processing basis upon receipt of this sharing action.

Secure technical transmission:

We securely facilitate the onward transmission of data as instructed by the patient. This process includes encryption in transit, integrity validation, and access logging.

At this stage, PKB holds the following governance role:

• Technical facilitator for transmission: Executing data movement as instructed by the patient.

• Data Controller for technical processing mechanics: Responsible for security and integrity of data transfer channels.

• PKB remains responsible for governance and technical security of the disclosure and transmission workflow within its environment. Recipient organisations separately determine and remain responsible for their lawful basis, governance obligations, and downstream processing after receipt.

Third-party organisations determine their governance position as Independent Controllers of the data shared by the patient.

Third-party processing:

Examples of Third-party processing may include research recruitment and trial screening. Following receipt of the patient-directed sharing, the third party processes the information under its own governance framework. The recipient organisation assumes responsibility as an Independent Controller, including the following responsibilities:

• Lawful basis assessments.

• Article 9 conditions where relevant.

• DPIAs where applicable.

• Transparency materials such as Privacy Notices and User Agreements.

• Retention schedules.

• Access controls.

• Research Safeguards where applicable.

Withdrawal and retention:

Patients may stop future sharing within our platform at any time.

While transferred data may not be retractable from Third-party systems, our audit log remains a permanent record of what was shared.

Simplified Workflow Mapping

Open

Roles and Responsibilities - Breakdown

The following table provides a breakdown of the separate Data Controller responsibilities to ensure accountability for both the Patients Know Best platform and the Third-party organisation.